SWC-124

Title

Relationships

Description

A smart contract's data (e.g., storing the owner of the contract) is persistently stored
at some storage location (i.e., a key or address) on the EVM level. The contract is
responsible for ensuring that only authorized user or contract accounts may write to
sensitive storage locations. If an attacker is able to write to arbitrary storage
locations of a contract, the authorization checks may easily be circumvented. This can
allow an attacker to corrupt the storage; for instance, by overwriting a field that stores
the address of the contract owner.

Remediation

As a general advice, given that all data structures share the same storage (address)
space, one should make sure that writes to one data structure cannot inadvertently
overwrite entries of another data structure.